awdawcawdawdaw[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

awdawcawdawdaw.dll
Size

364KB
MD5

7205f7a87ae43f2a44e957da375ec737
SHA1

c0f05bf3fac27fa03fdc19fae2d4bbd1e9c44132
SHA256

318440d1fdbe2178d0c00f259b27430b1d6951de2b436157d8ad2139a30f62b4
SHA512

be0c6174a8fff24043e7c4c19c37cf71cb751d33476d15e1cf29fa7ce1f6e993f0cae8c5ec02a96f1e75b1f909f9e94a6c4d6267bdb7dec88cadb9bf3ecdc4e2
SSDEEP

6144:xKwmzKKeCO9UAhB++UcyBhc9SsSSWNPXfer7EGjvlBRuncqXxCtHx:xKVwBewwcy7sIXfeEGj0zs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
awdawcawdawdaw.dll

Files

awdawcawdawdaw.dll
.dll windows x86

Password: infected

42a50e195c5c5405470deae5d165b11f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptProtectData
CryptUnprotectData
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateChain
CertCloseStore
CryptQueryObject
CertEnumCertificatesInStore
CertFindExtension
CertCreateCertificateChainEngine
CryptBinaryToStringA
CertFreeCertificateChainEngine
CryptStringToBinaryA
CertFreeCertificateContext
CertGetCertificateChain
CertAddEncodedCertificateToStore
CryptDecodeObjectEx
CertDeleteCertificateFromStore
PFXImportCertStore
CertCreateCertificateContext
CertGetNameStringA
CertAddCertificateContextToStore

advapi32

QueryServiceStatus
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CryptAcquireContextA
RevertToSelf
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW
RegOpenCurrentUser
CryptAcquireContextW
RegQueryInfoKeyW
AccessCheck
GetAce
EqualSid
CloseServiceHandle
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegDeleteKeyW
AllocateAndInitializeSid
GetSecurityDescriptorGroup
RegCreateKeyExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetTokenInformation
CryptReleaseContext
LookupAccountNameW
RegEnumKeyExA
RegQueryValueExW
RegEnumValueW
RegOpenKeyW
QueryServiceStatusEx
LookupAccountSidW
OpenThreadToken
AddAccessAllowedAce
DuplicateTokenEx
GetUserNameW
CryptGetHashParam
GetLengthSid
EnumServicesStatusW
OpenServiceW
RegDeleteValueW
QueryServiceConfigW
DuplicateToken
CreateProcessAsUserW
RegGetValueW
RegOpenKeyExW
InitializeAcl
RegOpenKeyExA
InitializeSecurityDescriptor
CheckTokenMembership
GetFileSecurityW
StartServiceW
FreeSid
OpenProcessToken
CryptDestroyHash
RegSetValueExW
IsValidSid
ImpersonateLoggedOnUser
CryptHashData
ImpersonateSelf
CryptCreateHash
RegEnumKeyExW

rpcrt4

RpcServerListen
RpcMgmtStopServerListening
UuidCreate
RpcAsyncInitializeHandle
RpcSsDestroyClientContext
UuidFromStringW
RpcStringFreeA
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcBindingFromStringBindingA
RpcAsyncCancelCall
RpcStringBindingParseW
RpcStringFreeW
RpcAsyncCompleteCall
RpcServerRegisterIf2
RpcStringBindingComposeW
RpcServerUnregisterIf
RpcBindingFromStringBindingW
UuidToStringW
RpcStringBindingComposeA
RpcBindingFree
RpcBindingSetAuthInfoExA

ws2_32

getsockname
send
socket
ntohs
connect
getservbyname
gethostname
recvfrom
recv
getsockopt
htonl
getpeername
sendto
ioctlsocket
setsockopt
WSAGetLastError
ntohl
select
closesocket
bind
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError
shutdown
htons

mpr

WNetGetConnectionW

winmm

timeKillEvent
timeSetEvent

bcrypt

BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptOpenAlgorithmProvider
BCryptExportKey
BCryptDeriveKey
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSecretAgreement
BCryptSetProperty
BCryptImportKeyPair
BCryptDestroySecret
BCryptCloseAlgorithmProvider

ntdll

VerSetConditionMask

kernel32

InitializeSListHead
CreateIoCompletionPort
GetTickCount
WaitNamedPipeW
GetDateFormatW
QueryPerformanceCounter
SetDllDirectoryW
GetProcessHandleCount
MulDiv
LocalUnlock
VirtualQuery
GetProcessTimes
GetDriveTypeW
OpenThread
LoadLibraryExW
LoadLibraryW
FindNextVolumeW
GetExitCodeProcess
FlushFileBuffers
SetUnhandledExceptionFilter
CreateTimerQueue
CheckRemoteDebuggerPresent
ConnectNamedPipe
AreFileApisANSI
CreateDirectoryW
GetStartupInfoW
GetCPInfoExW
ReadFile
GetModuleFileNameA
OpenEventA
SizeofResource
QueryDosDeviceW
TryEnterCriticalSection
RemoveVectoredExceptionHandler
GetVolumeInformationW
GetLogicalDrives
CancelIo
GetFileInformationByHandleEx
SetThreadLocale
CompareFileTime
InitOnceBeginInitialize
FindFirstFileW
GetFileSizeEx
InitOnceExecuteOnce
SetHandleInformation
CreateTimerQueueTimer
WritePrivateProfileStringW
FindFirstFileExW
SetWaitableTimer
CompareStringW
TlsSetValue
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
VirtualFree
GetCommandLineW
GetFullPathNameW
FindNextFileW
GetLongPathNameW
GetCurrentProcess
CreateWaitableTimerW
ReleaseSemaphore
WriteFile
RegisterWaitForSingleObject
GetModuleHandleExW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
UnregisterWait
GetShortPathNameW
OutputDebugStringA
GetStringTypeExW
DeviceIoControl
VirtualAlloc
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
GetProcessIdOfThread
LoadLibraryExA
GetUserDefaultLangID
GetModuleFileNameW
CreateNamedPipeW
GetSystemTimes
WaitForMultipleObjects
InitializeProcThreadAttributeList
GetThreadLocale
SetEnvironmentVariableW
SetProcessShutdownParameters
GetGeoInfoW
GetLocaleInfoEx
GetUserDefaultLocaleName
GetProcessId
DeleteTimerQueueEx
GetUserDefaultUILanguage
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreatePipe
InitializeCriticalSection
ExpandEnvironmentStringsA
SetErrorMode
SetFilePointer
GetFullPathNameA
GetQueuedCompletionStatus
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
GetEnvironmentVariableA
FindClose
GetLocaleInfoW
GetVolumePathNameW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
OpenEventW
GetVersionExW
QueryThreadCycleTime
ReleaseMutex
GetSystemDirectoryW
GetComputerNameExW
GlobalDeleteAtom
ResumeThread
UnmapViewOfFile
DuplicateHandle
GetModuleHandleA
DisconnectNamedPipe
GlobalAddAtomW
OpenProcess
HeapSize
SetFileAttributesW
GetLogicalDriveStringsW
CreateEventW
MultiByteToWideChar
GetExitCodeThread
ProcessIdToSessionId
GetPrivateProfileStringW
Sleep
GetFileInformationByHandle
FormatMessageW
GetTimeZoneInformation
LocalFileTimeToFileTime
GetTickCount64
GetLastError
UpdateProcThreadAttribute
GetFileAttributesExW
ReleaseSRWLockExclusive
OutputDebugStringW
MoveFileExA
CreateFileA
GetUserDefaultLCID
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetCurrentThread
InitOnceComplete
AcquireSRWLockExclusive
GetSystemDirectoryA
TerminateThread
LoadLibraryA
WaitForSingleObjectEx
TlsAlloc
GetVersionExA
LockResource
QueryPerformanceFrequency
GetThreadPriority
DeleteFileW
OpenSemaphoreW
HeapReAlloc
CloseHandle
ReleaseSRWLockShared
GetNativeSystemInfo
GetNumberFormatW
RaiseException
GetSystemInfo
MapViewOfFile
CreateThread
FindResourceExW
ResetEvent
GetWindowsDirectoryA
LoadResource
FindResourceW
HeapAlloc
FileTimeToLocalFileTime
GetLocalTime
GetUserGeoID
GetCurrentDirectoryW
CreateWaitableTimerA
AddVectoredExceptionHandler
HeapDestroy
UnlockFile
GetWindowsDirectoryW
GetPriorityClass
GetProcAddress
SetFilePointerEx
CreateMutexExW
UnregisterWaitEx
LocalFree
GetTimeFormatW
MoveFileExW
GetThreadId
LockFileEx
AcquireSRWLockShared
IsProcessorFeaturePresent
WTSGetActiveConsoleSessionId
GetFileSize
DeleteCriticalSection
ExitProcess
LCMapStringW
ReadProcessMemory
GetComputerNameW
FindVolumeClose
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
CopyFileW
FlushInstructionCache
WideCharToMultiByte
GetVolumePathNamesForVolumeNameW
SleepEx
VerifyVersionInfoW
TlsGetValue
GetThreadTimes
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
GetTempFileNameW
GetSystemTimeAsFileTime
GetFileType
DeleteTimerQueueTimer
TlsFree
GetSystemTime
FormatMessageA
IsBadReadPtr
DebugBreak
SetProcessWorkingSetSize
CreateFileMappingW
CreateEventA
IsDebuggerPresent

user32

ReleaseCapture
DrawFrameControl
UpdateWindow
PtInRect
RegisterWindowMessageW
GetParent
GetProcessWindowStation
OpenDesktopW
GetClassInfoExW
SystemParametersInfoW
EnableMenuItem
SetScrollPos
GetDesktopWindow
PostQuitMessage
KillTimer
DrawIconEx
SetRect
DrawTextW
ActivateKeyboardLayout
GetDlgItem
GetClientRect
CheckMenuItem
SetWindowLongW
SetScrollRange
SwitchDesktop
wsprintfW
GetUserObjectInformationW
SetCursor
SetClipboardData
InsertMenuW
GetWindowDC
SetParent
GetClassNameW
IsGUIThread
LoadCursorW
EnumDesktopWindows
FindWindowW
LoadIconW
TranslateMessage
SetPropW
OpenInputDesktop
SendNotifyMessageW
SetFocus
DrawTextExW
DestroyMenu
LoadBitmapW
EnumWindows
MoveWindow
IsWindowEnabled
GetForegroundWindow
GetSysColor
SendDlgItemMessageW
SetMenuDefaultItem
CreateDesktopW
SetWindowDisplayAffinity
GetKeyboardLayout
TrackMouseEvent
DrawStateW
SetWindowPlacement
MapWindowPoints
RegisterClassW
GetKeyboardLayoutList
PeekMessageW
ExitWindowsEx
CloseClipboard
ClientToScreen
SetForegroundWindow
GetKeyboardLayoutNameW
CopyRect
GetMonitorInfoW
IsHungAppWindow
DestroyIcon
RedrawWindow
SetTimer
DispatchMessageW
GetCapture
OffsetRect
OpenClipboard
CloseDesktop
InSendMessage
GetAsyncKeyState
IsWindow
ShowWindow
GetSubMenu
LoadStringW
GetThreadDesktop
TrackPopupMenu
SetThreadDesktop
DrawIcon
GetWindowPlacement
GetScrollPos
WindowFromPoint
RegisterClassExW
MsgWaitForMultipleObjects
NotifyWinEvent
SetWindowTextW
UnregisterClassW
LoadImageW
WaitForInputIdle
SendMessageW
ScreenToClient
DeleteMenu
UnionRect
GetIconInfo
CreateWindowExW
FillRect
SetWindowRgn
MonitorFromWindow
CopyImage
GetPropW
keybd_event
MessageBoxW
EqualRect
SetWindowPos
IsWindowVisible
GrayStringW
GetDC
InflateRect
DestroyWindow
GetFocus
SendMessageTimeoutW
GetMenuItemID
GetWindowRect
GetLastInputInfo
FindWindowExW
GetWindow
MonitorFromPoint
MapVirtualKeyW
PostMessageW
CallWindowProcW
AllowSetForegroundWindow
LoadMenuW
CharLowerW
GetKeyState
ModifyMenuW
DefWindowProcW
TabbedTextOutW
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
GetWindowThreadProcessId
GetWindowLongW
InvalidateRect
GetAncestor
IsIconic
ReleaseDC
GetCursorPos
GetGUIThreadInfo
BeginPaint
EndPaint
GetWindowRgn
SendInput
EnableWindow
GetWindowTextW
GetDlgCtrlID
GetSystemMetrics

gdi32

PtVisible
SetTextAlign
Escape
CreateFontIndirectW
CreateBitmap
CreateSolidBrush
DeleteObject
Polygon
GetViewportExtEx
RoundRect
GetRgnBox
ExtTextOutW
GetObjectW
ExtCreatePen
CreatePen
BitBlt
CreateCompatibleBitmap
AddFontResourceExW
SelectObject
RemoveFontResourceW
CreateCompatibleDC
RectVisible
SetPixel
PatBlt
EnumFontFamiliesExW
StretchBlt
GetTextExtentPointW
CreateFontW
GetStockObject
GetClipBox
GetCurrentPositionEx
CreateRoundRectRgn
GetBitmapBits
GetDIBits
GetDeviceCaps
CreatePatternBrush
GetPixel
GetTextAlign
CreateRectRgn
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBitmapBits
SetBkMode
AddFontResourceW

msimg32

GradientFill

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoUninitialize
CLSIDFromString
OleRun
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
SafeArrayCreate
SysStringLen
SafeArrayLock
SysAllocString
SysFreeString
SafeArrayUnlock
LoadTypeLi
VariantInit
SafeArrayDestroy

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2
watchdog

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

42a50e195c5c5405470deae5d165b11f

Headers

DLL Characteristics

File Characteristics

Imports

version

crypt32

advapi32

rpcrt4

ws2_32

mpr

winmm

bcrypt

ntdll

kernel32

user32

gdi32

msimg32

comdlg32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 196KB - Virtual size: 196KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 196KB - Virtual size: 196KB

.reloc
Size: 8KB - Virtual size: 8KB